{"id":"CVE-2022-41354","details":"An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. The affected ranges in this record also cover later releases, with fixes listed in 2.4.28, 2.5.16 and 2.6.7.","aliases":["GHSA-2q5c-qw9c-fmvq","GO-2023-1670"],"modified":"2026-04-10T04:51:19.649603Z","published":"2023-03-27T14:15:07.557Z","related":["GHSA-2q5c-qw9c-fmvq"],"references":[{"type":"WEB","url":"http://argo.com"},{"type":"WEB","url":"https://github.com/chunklhit/cve/blob/master/argo/argo-cd/application_enumeration.md"},{"type":"ADVISORY","url":"https://github.com/argoproj/argo-cd/security/advisories/GHSA-2q5c-qw9c-fmvq"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/argoproj/argo-cd","events":[{"introduced":"df0e2e4015c4cff4e16c8743df9d62f5ca1bdc24"},{"fixed":"598f79236ae4160325b37342434baef4ff95d61c"},{"introduced":"b895da457791d56f01522796a8c3cd0f583d5d91"},{"fixed":"84fbc930161f29ebe45a7da3b2e81ee256d119c2"},{"introduced":"acc554f3d99010e0353b498a595844b30090556f"},{"fixed":"5bcd846fa16e4b19d8f477de7da50ec0aef320e5"}],"database_specific":{"versions":[{"introduced":"0.5.0"},{"fixed":"2.4.28"},{"introduced":"2.5.0"},{"fixed":"2.5.16"},{"introduced":"2.6.0"},{"fixed":"2.6.7"}]}}],"versions":["v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.6.1","v0.7.0","v0.7.1","v0.8.0","v2.4.0","v2.4.0-rc1","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.4.0-rc5","v2.4.1","v2.4.10","v2.4.11","v2.4.12","v2.4.13","v2.4.14","v2.4.15","v2.4.16","v2.4.17","v2.4.18","v2.4.19","v2.4.2","v2.4.20","v2.4.21","v2.4.22","v2.4.23","v2.4.24","v2.4.25","v2.4.26","v2.4.27","v2.4.3","v2.4.4","v2.4.5","v2.4.6","v2.4.7","v2.4.8","v2.4.9","v2.5.0","v2.5.1","v2.5.10","v2.5.11","v2.5.12","v2.5.13","v2.5.14","v2.5.15","v2.5.2","v2.5.3","v2.5.4","v2.5.5","v2.5.6","v2.5.7","v2.5.8","v2.5.9","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.5","v2.6.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41354.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}